Thursday, January 22, 2015



Complete DHS Report for January 22, 2015

Daily Report

Top Stories

 · Authorities are assessing the total amount of damage and how long it will take before the Southcross Energy Natural Gas Plant near Gregory, Texas, will resume operations following an explosion at the plant January 20. – KRIS 6 Corpus Christi

1. January 21, KRIS 6 Corpus Christi – (Texas) Plant fire near Gregory sends fireballs high into the sky. Authorities are assessing the total amount of damage and how long it will take before the Southcross Energy Natural Gas Plant near Gregory, Texas, will resume operations following an explosion at the plant January 20. Pipelines that provide gas to the facility were shut off and the fire burned itself out after several hours. Source: http://www.kristv.com/news/plant-fire-near-gregory-sends-fireballs-high-into-the-sky/

 · The U.S. Centers for Disease Control and Prevention reported January 19 that elevated levels of benzene were found in water samples from a treatment plant that serves approximately 6,000 people in Glendive, Montana, following a Yellowstone River pipeline spill January 17. – Associated Press

17. January 20, Associated Press – (Montana) Cancer-causing agent detected in water after pipeline spill. The U.S. Centers for Disease Control and Prevention reported January 19 that elevated levels of benzene were found in water samples from a treatment plant that serves approximately 6,000 people in the community of Glendive, Montana, after 50,000 gallons of oil spilled from the Bridger Pipeline Co.-owned Poplar pipeline into the Yellowstone River January 17. Operations at the water treatment plant were halted indefinitely. Source: http://news.yahoo.com/cancer-causing-agent-detected-water-pipeline-spill-143731937.html

 · A gunman died from a self-inflicted gunshot wound after shooting and killing a doctor at Brigham and Women’s Hospital in Boston January 20. – CNN

18. January 21, CNN – (Massachusetts) Boston doctor dies after hospital shooting; suspect dead. A gunman died from a self-inflicted gunshot wound after shooting and killing a doctor at Brigham and Women’s Hospital in Boston January 20. The suspect entered the hospital and asked to speak with the doctor prior to the shooting. Source: http://www.cnn.com/2015/01/20/justice/boston-hospital-shooting/

 · Three New York residents, including 1 former U.S. Department of Justice and Internal Revenue Service (IRS) employee, were charged in federal court in Brooklyn January 15 for defrauding the U.S. government of more than $3.4 million by filing false claims. – Yuma Arizona News 

21. January 17, Yuma Arizona News – (New York) FDA employee, former corrections officer, and former IRS employee charged in multimillion dollar tax refund conspiracy. Three New York residents, including 1 former U.S. Department of Justice and Internal Revenue Service (IRS) employee, were indicated in federal court in Brooklyn January 15 for defrauding the U.S. government more than $3.4 million by filing false claims. Source: http://www.yumanewsnow.com/index.php/news/latest/9378-fda-employee-former-corrections-officer-and-former-irs-employee-charged-in-multimillion-dollar-tax-refund-conspiracy

Financial Services Sector

4. January 20, McAllen Monitor – (Texas) Former McAllen-based CEO admits to $26M wire fraud. A former chief executive of USA Dry Van Logistics, a McAllen-based trucking company, pleaded guilty January 20 to his role in a wire fraud scheme that defrauded GE Capital Corporation out of more than $26 million between March 2008 and January 2010. The former executive admitted to falsifying documentation to hide his company’s true financial condition in order to borrow hundreds of thousands of dollars every week and allow the company to appear profitable. Source: http://www.themonitor.com/news/local/former-mcallen-based-ceo-admits-to-m-wire-fraud/article_b70aa4e8-a10b-11e4-8775-57d016f0fc44.html

5. January 20, KLTV 7 Tyler – (Texas) ‘Loan Ranger Bandit’ pleads guilty to 13 bank robberies. A suspect known as the “Loan Ranger Bandit” pleaded guilty to 13 counts of bank robbery in federal court in Waco, Texas, January 16. The suspect admitted to 11 bank robberies in Texas and 2 bank robberies in Arkansas, and is suspected of additional bank robberies in Kentucky, Mississippi, and Texas. Source: http://www.kltv.com/story/27895106/loan-ranger-bandit-pleads-guilty-to-13-bank-robberies

6. January 20, Credit Union Times – (Michigan) Michigan police bust card fraud ring. Three suspects in connection to a payment card fraud ring were arraigned in Jackson County District Court January 12 on 1 count of criminal enterprise, racketeering proceeds and 5 counts of illegal use of sale of a financial device that caused more than 300 fraud complaints and $100,000 in bogus charges on member credit and debit cards from American 1 Credit Union. Source: http://www.cutimes.com/2015/01/20/michigan-police-bust-card-fraud-ring

Information Technology Sector

24. January 21, Securityweek – (International) Siemens fixes vulnerabilities in SCALANCE, SIMATIC solutions. Siemens released firmware updates for the SCALANCE X-300 switch family and SCALANCE X408 running firmware versions prior to 4.0 to address denial of service (DoS) vulnerabilities that can be exploited by an unauthenticated attacker to cause a device to reboot by sending malformed HTTP requests or sending specifically crafted network packets to the device’s FTP server. Source: http://www.securityweek.com/siemens-fixes-vulnerabilities-scalance-simatic-solutions

25. January 21, Softpedia – (International) Ransomware incidents on an upward trend, FBI warns. The FBI issued an alert January 20 and warned computer users of a newer variant of the CrytoWall data encryption malware that infects computers and restricts users’ access to files until a fee is paid and the files are unlocked. The malware has been spotted in the wild, featuring localized ransom messages and trying to connect to decryption services hidden in the Invisible Internet Project (I2P) network. Source: http://news.softpedia.com/news/Ransomware-Incidents-On-An-Upward-Trend-FBI-Warns-470683.shtml

26. January 21, Krebs on Security – (International) Java patch plugs 19 security holes. Oracle released its quarterly patch update for Java, closing at least 19 security vulnerabilities including 13 flaws that are remotely exploitable. Source: http://krebsonsecurity.com/2015/01/java-patch-plugs-19-security-holes/

27. January 21, Threatpost – (International) Hard-coded FTP credentials found in Schneider Electric SCADA Gateway. Schneider Electric released an update to address 2 flaws for their ETG3000 FactoryCast HMI Gateway, which is used in manufacturing, energy, water, and other industries as a Web-based SCADA system that could allow unauthenticated remote access to the device’s FTP server and configuration files. Source: http://threatpost.com/hard-coded-ftp-credentials-found-in-schneider-electric-scada-gateway/110565

28. January 19, Threatpost – (International) Potential code execution flaw haunts PolarSSL library. Researchers at Certified Secure discovered a vulnerability in PolarSSL, an open-source SSL library, which could enable an attacker to execute remote code execution and a denial of service (DoS) attack. Source: http://threatpost.com/potential-code-execution-flaw-haunts-polarssl-library/110505

Communications Sector

29. January 20, New York Daily News – (National) Viacom, ESPN hit with $1.4M FCC fine for using warning tones while promoting ‘Olympus Has Fallen’. The U.S. Federal Communications Commission issued a $1.12 million fine against Viacom and a $280,000 fine against ESPN January 20 for using Emergency Alert System warning tones for non-emergency purposes while promoting a movie on cable networks in 2013. Source: http://www.nydailynews.com/news/politics/fcc-fines-viacom-espn-warning-tones-promoting-film-article-1.2086034

For another story, see item 24 above in the Information Technology Sector